Commit 6111384f authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Stop users from editing each others' plans & tasks (bug #618532)


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 1610370d
......@@ -39,7 +39,9 @@ define('TITLE', get_string('editplan','artefact.plans'));
$id = param_integer('id');
$artefact = new ArtefactTypePlan($id);
$USER->can_edit_artefact($id);
if (!$USER->can_edit_artefact($artefact)) {
throw new AccessDeniedException(get_string('accessdenied', 'error'));
}
$editform = ArtefactTypePlan::get_form($artefact);
......
......@@ -38,7 +38,9 @@ define('TITLE', get_string('edittask','artefact.plans'));
$id = param_integer('id');
$task = new ArtefactTypeTask($id);
$USER->can_edit_artefact($task);
if (!$USER->can_edit_artefact($task)) {
throw new AccessDeniedException(get_string('accessdenied', 'error'));
}
$form = ArtefactTypeTask::get_form($task->get('parent'), $task);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment